General
-
Target
PCS.exe
-
Size
36KB
-
Sample
230609-v9gtmacg66
-
MD5
b0e74bc4cabf6cbc2e2db45fecf4036c
-
SHA1
f1f6cea0ee1a3316601ab5ff513495004906e39d
-
SHA256
1d9139f8f3a11b4082f6e7bc0e88ef543fa6566f608fe0d3e2b6572c7708bc3b
-
SHA512
268b90e5bbbdecfd37aef6e4c6424b2c6f3bec74856fee2faebdec6fe0f3bae32d8b3f150ae0e5d2f22a7b667c863e355b37e17c3b58ebd3e2d4bf99753c1f3d
-
SSDEEP
768:/PuMPF3lFdS7MZ61mK6qrM+rMRa8NuR/tQ:/PJF3lPSQZ61MV+gRJN2
Behavioral task
behavioral1
Sample
PCS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PCS.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
im523
GRIB35
89.3.24.168:50033
gribouillefr.ddns.net:50033
83c9a1eba2df735380c1cc2af0582208
-
reg_key
83c9a1eba2df735380c1cc2af0582208
-
splitter
|'|'|
Targets
Target
PCS.exe
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-